Businesses can't function without confidential information.
The law of confidential information applies in industrial, commercial, government, and personal contexts, and:
- protects information in all of its forms, regardless of the media that it is recorded, and when it's kept in people’s heads and never written down
- before other forms of intellectual property come into existence, or never will
What is Confidential Information?
The underlying basis of protection of confidential information is that receivers of confidential information will not be permitted to take unfair advantage of it.
Confidential information is information which: Coco v AN Clark (Engineers) Ltd (1969).
- is not in the public domain and common knowledge (which is the opposite of confidentiality)
- not trivial or useless information. It must have some importance or value.
- does not require commercially, financial or monetary value.
- must not be too vague. It must be sufficiently developed and "capable of being realised as an actuality".
Aspirational ideas which lack detail do not usually qualify
- would cause harm to the owner or be advantageous to rival businesses, if it was disclosed.
The law of confidential information But in the end the real truth is that it is not property in any normal sense but equity will restrain its transmission to another if in breach of some confidential relationship
- of any particular information is assessed using an objective standard
- the context of commercial usage and practices of the industry in which the owner operates
- does not rely upon the complexity, bulk or market value of the information.
Simple, brief and cheap information can attract protection.
For example when a person memorises reads or confidential information and then:
- makes their own summary of the information, or
- repeats it to a person not entitled to receive it,
that person is headed in the direction of a breach of confidentiality.
Types of Confidential Information
There are well established categories of information which are considered confidential, while it maintains the qualities of confidential information.
All sorts of business information can be classified as confidential information, such as:
- Financial information, such as:
- financial forecasts and projections
- price-sensitive information, operating ratios, capital figures, expenses
- the price to be paid for assets in a joint venture
- Business information
- business plans and strategies
- management information and management accounts
- acquisition costs; average profit figures and net loss ratios
- strategic information, information in relation to clients and staff
- highly customised policies and procedures
- Customer Information
- lists of customers
- their buying preferences
- profit margins and prices charged
- volumes of sales of products or services
- Information Technology
- software and databases
- algorithms, secret formulae, technical processes
- engineering drawings
- data diagrams
- Research and development
- results of product testing
- clinical research
Duty of Confidentiality
In the UK, the duty of confidentiality is not a property or proprietary right. It is a legal right to prevent its transmission to another person in breach of a confidential relationship,
The duty of confidentiality arises when a person receives information and:
- the person knows, or
- should have known,
the communication contained confidential information in the circumstances of the communication.
So, the duty arises when the information has been imparted in circumstances imposing an obligation of confidence: in such a way that secrecy was to be maintained.
Methods of Receipt
Confidential information can be received in a number of ways. Provided the information was protected as confidential information, the duty of confidentiality arises when:
- the receiver was told that information was confidential before they received it
- a reasonable person would expect a duty of confidentiality to exist, such as:
- employment, doctor-patient, accountant-client and solicitor-client relationships. Confidentiality is assumed from the outset in these situations
- commercial arrangements where it was clear or obvious that a duty of confidentiality existed
- parties to a contract have agreed that information exchanged will be confidential
- information protected by a duty of confidentiality is obtained by a person, and an element of dishonesty or underhand conduct exists, such as electronic eavesdropping or dumpster diving
- the recipient of the confidential information in turn passes the information to someone else.
The law of confidential information affects third parties too.
When a third person knows they have received confidential information from a confidant, they may be liable for their own use and disclosure.
It includes third persons who are wilfully ignorant of the possibility that the information was obtained in breach of confidence and closed their eyes to the possibility that the information is confidential, or where they have been told the information is confidential.
Sharing Confidential Information
The fact that some members of the public may know the information does not necessarily destroy confidentiality of information.
Being known to a limited number of members of the public does not itself destroy confidentiality in information.
Confidentiality is maintained in information for so long as the information doesn’t fall into the public domain and thereby become public knowledge.
It’s when its disclosed to “a substantial number of people” that confidentiality is lost.
Whether disclosure of confidential information destroys confidentiality is a question of degree.
There is often more than one person in a ring of people who know confidential information. Information with limited distribution retains its confidentiality.
For example, depending on the background, disclosures may be made in a context where confidentiality is not lost:
- a research study might be confidential within a department of a university. A client list might be known by dozens of people within a business
- an accountant might send sensitive financial information to another consultant on behalf of the client
- a client of a solicitor may provide witnesses with confidential communications for the purposes of preparing a witness statement
- sales figures may be shares amongst the sale team of a business
That does not necessarily stop the information from being confidential information.
When information is disclosed, and owner of the right of confidentiality fails to specify any restrictions on use, confidentiality is likely to be lost. Courts are not likely to prevent further disclosure unless the confider can show that the recipient should have known the limits on further use.
Breach of Confidentiality
In order to sustain a claim for breach of confidence, the claimant must show that the information:
- is confidential information, ie maintain confidentiality
- must have been imparted in circumstances importing an obligation of confidentiality to the confidant
- was used or is threatened to be used in an unauthorised way.
Unauthorised use of information takes place when it is
- misused by the recipient for their own purposes, and/or
- disclosed or disseminated to any other person, without authority
Receiving Confidential Information
The way the information was received by the person plays an important part in what might be considered a breach of confidentiality and what might not be.
Confidential information may be received - or disclosed any number of ways, which include:
- from the confidant, directly
- by accident, carelessness, or mistake, either directly from the confidant or through a person in whom the confidant has confided
- from a third party, indirectly (who owes a duty of confidence to the confidant), with or without warning that the information is confidential
- secretly through dishonest, discreditable or reprehensible means or conduct, either directly or indirectly
Where the disclosure or use is authorised, there's not likely to be a breach of confidentiality.
But when it happens without authority or consent, legal rights arise enabling the owner to protect its confidentiality.
Example: Limited Purposes & Unlawful Use
Suppose a recipient of software source code (protected as confidential information) was told that they could only use the software for the purposes of private study. It has been received subject to a condition – the limited purpose of private study.
For the recipient to go off distribute it around his workplace for everyone else’s private study would be an unlawful disclosure of the software. For him to use the information to diagnose errors in computer systems (without disclosing the software to anyone else) would be misuse of the software.
This means that confidential information contained in (say) a document is protected from being passed on by:
- speaking it to an unauthorised recipient
- communicating it by email, instant message or any other means without consent
- using it for a purpose outside the bounds of what is permitted
- making article/object described by the information which is confidential
Mixing Secret and non-secret material
Confidential material shouldn’t be mixed up with non-confidential material.
It’s too hard for courts to decide which are the confidential parts and which aren’t. If a business is not able to delineate confidential information from non-confidential parts, claims for breach of confidentiality are likely to fail.
Are publicly available materials confidential?
Confidential information may be made up from publicly available material – the hard work of creator is sufficient to protect against disclosure.
Confidentiality depends on the collated information itself, and not upon the quality of its constituent parts.
For example, compilations of information in the public domain may be confidential. The names of customers may be public knowledge, yet a list of customers is likely to be considered confidential while the list of names is kept secret.
Defences to Breach of Confidentiality Claims
The most common defences to claims of misuse of confidential information include:
- The information is not a trade secret or confidential at all: previous disclosures mean that the information is in the public domain
- A restrictive covenant intended to prevent use of confidential information goes further than what is reasonably necessary for the protection of the business, and is therefore void
- The alleged confidential information was not disclosed to the confidant in circumstances there was an obligation of confidentiality, and is therefore no longer confidential
- The alleged confidentiality forms part of an illegal contract or is otherwise unlawful
- The disclosure was in the public interest, such as in respect of a crime or a civil wrong (the motive of discloser not usually relevant)
- Competition law applies to renders the confidentiality void
- The claimant doesn’t come to court with clean hands
- Disclosure is a 'qualifying disclosure' under the Public Interest Disclosure Act 1998, s.6 (aka "whistle-blowing").
It's no defence to a breach of this duty to say that the information was publicly available, if the confidential information of the claimant was the version sourced.
For example, the details of customers on confidential lists of customers will be in the public domain. To contact those potential customers using the list itself is misuse of the confidentiality in the list of customers.
Defence: Public Interest Defence
The public interest defence applies when the defendant shows that disclosure should take place to the public at large or to a restricted class of people.
To be available to a defendant, there must be “just cause” for breaking the duty of confidence. The classic statement is that a person cannot be made the "the confidant of a crime or a fraud". Availability of the defence is now quite a bit wider, which includes in the appropriate case:
- illegal or immoral practices
- exposure of hypocrisy
- improper practices or deliberate concealment, such as economic information
- information which corrects a false impression or image and
- sometimes incompetence.
The behaviour to justify the defence will be approaching disgraceful or criminal in the eyes of a court.
European Convention on Human Rights
Article 10 of the European Convention on Human Rights may justify breach of confidence where disclosure is in the public interest. Whether it is justified is highly fact sensitive – it depends on precisely what happened.
Article 10 requires balancing the claimant's right to confidentiality with the defendant's right of freedom of expression.
It must be that the right of freedom of expression is - in the particular circumstances - "necessary in a democratic society". It involves a weighing exercise between the Article 10 rights of the discloser and the holder of the right to confidentiality. It’s not whether the confidential information in question is in the interest of the public.
When relying on public interest defence, a limited disclosure is preferable. That may be to the appropriate industry regulator or dedicated crime authority, rather than to the public at large. It is about proportionality of the disclosure. Going to the media at large is extreme.
Differences: Confidential Information v Copyright
Copyright law only protects against reproducing a “substantial part” of a copyright work. To distribute or reproduce a copyright work without the permission of the copyright owner is an infringement of copyright. It can be restrained by an injunction.
For some context: Let’s say the copyright work describes how to make a new invention.
Let’s say it is an invention that negates gravity: you can float without upwards thrust or propulsion (it would be pretty neat). For this example, assume that if you make the invention to the description, it will work.
For the purposes of copyright law, the description is a literary work.
To photocopy it, email it or publish it without permission would infringe the copyright in the work.
Copyright law does not "care" what is communicated by the copyright work. What it does care about is the precise words used.
If the document is only protected by copyright law, it would not infringe copyright to make the anti-gravity machine to the description.
Confidential copyright works
The contents of the copyright work may or may not be confidential. The description of the invention in the copyright work protected by the law of confidential information.
That means that the information communicated by the description is confidential.
Confidentiality gives broader - but different - protection than copyright law.
This is so because it protects not just against copying the words, images or other works protected by copyright .
It protects the information contained in or communicated the copyright work.
How long does protection of confidential information last?
Protection of confidential is indefinite or perpetual.
Information is protected by the law of confidential information for so long as the information is kept confidential.
Civil or Criminal Law?
Industrial espionage and genuine theft of information doesn’t exist in this area of law.
There may be a claim under the Theft Act for theft of an object (say the paper that the confidential information is written on), but not of information in its own right.
This is primarily because the right to keep information secret is not a personal property right – it is a right to sue to prevent others from disclosing or misusing information (which is secret).
In technical language, it's a “chose in action” – an intangible right to sue for enforcement of the duty of confidentiality.
Legal Remedies for Breach
Court based legal remedies for misuse of confidential information or threatened misuse of confidential information include:
- Disclose the defendant’s use of confidential information – ie enable customer contact to notify of wrongdoing
- a special kind of injunction, known as a ‘springboard’ injunction. More on this below.
- injunctions to restrain dissemination of confidential information
- a garden leave injunction to enforce the remainder of a garden leave period of an employee
- Orders to preserve evidence of wrongdoing
- Enforcement of restrictive covenants
- Damages or an account of profits arising from the loss of confidentiality caused by public disclosure;
- a constructive trust, whereby a person is ordered that they hold property or assets on behalf of a claimant
- an order for delivery-up of offending material and/or its destruction
- the legal costs of the successful claimant be paid by the unsuccessful party
When confidential information is under a real and imminent threat of disclosure, a court has a range of powers to address the breaches and prevent further unlawful disclosures.
For instance, search orders may be available where it can be shown that there would be a real risk of destruction of evidence of the wrongdoing perpetrated.
In some cases, it may be known that confidential information has been obtained by a competitor. But it is not known who supplied it to them.
In these cases, an order for third party disclosure or a Norwich Pharmacal Application may be used to identify the appropriate defendant to bring action against them, or make an Order against the public at large (ie an injunction contra mundum).
Springboard injunctions are designed to prevent wrongdoers from taking advantage of their own wrongdoing. It deprives them of the head start that would be gained by using misappropriated confidential information. These injunctions are made for a limited period of time expressly for that purpose.
They are usually obtained at an early stage of the dispute: when the wrongdoing is first discovered the wrongdoing.
It's a temporary remedy.
They're designed to restore the parties to the position they were in before the breach of confidence took place. That is, sterilise the illegitimate competitive advantage which has been alleged by the owner of the confidentiality.
They are not made to otherwise affect the business of the defendant.
Just because an injunction is ordered, doesn’t deprive the innocent party of an award of damages.
As with all injunctions, delay applying for court-based relief is often fatal. Courts require litigants to act quickly (within days or a small number of weeks, not months). The application must be made while the unlawful behaviour is still being carried out. Those who say that they suffer serious damage as a result of someone else’s wrongful use of their confidential information to justify making an injunction must take action quickly.
FAQ: Common Questions and Legal Issues
1 Who can sue over an illegal disclosure or misuse?
It is the owner of the right of confidentiality that has the right to sue to enforce the right. This is not necessarily the owner of the confidential information itself.
2 What about joint owners of confidential information?
Unless there is a contractual arrangement to the contrary, joint owners can each do what they want with the confidential information. A joint owner cannot restrain another joint owner from using and/or disclosing the relevant information.
3 What if there is no confidentiality provision in a contract?
It doesn’t follow that just because a confidentiality provision doesn’t appear in a contract, the contract isn’t confidential. Provided the tests for confidentiality is satisfied, the contract itself is confidential.
4 When is confidentiality lost?
Confidentiality is lost when the information is released to the public domain: when it becomes freely accessible to members of the public, whether any member of the public views it or not.
Information which public knowledge cannot be confidential. No matter how confidential it may once have been. Once it’s lost, it’s gone forever.
5 What does "Commercial in Confidence" mean?
"Commercial in Confidence" is usually used at the beginning of correspondence and documents.
The sender of the document or letter is putting the recipient on notice that the sender considers the contents of the document to be confidential. There is no substantial difference between using the term "Commercial in Confidence" and the word "Confidential".
The practice is adopted to:
- put it beyond beyond doubt that the communication retains its confidentiality
- adhere to the common law principle that a recipient must be put on notice before the communication that the information is confidential: not after the information has already been disclosed.
6 How does a business assert confidentiality?
A whole series of formulations of words are frequently used to assert confidentiality.
Some of the terms used to assert confidentiality in a document or communication include:
- "Private and confidential", "Personal and Confidential", "Highly Confidential", "Confidential Proprietary Information", "Confidential Document", "Private and Confidential Information", "Not for Distribution: confidential". They all mean the same thing. The communication is intended to be secret.
- "Privileged and Confidential". Privileged is a reference to legal professional privilege
- "Without prejudice and Confidential". With prejudice is a reference to the without prejudice rule, otherwise known as the without prejudice privilege.
Tips to maintain confidentiality
Your business must take “reasonable” steps to protect confidential information. If you are not able to show that you care about it, no-one else will. From a legal perspective, that is. Including the person that takes it.
A combination of positive steps which are able to be proven with a witness statement is the best way. Because that it how it would have to be done.
Establish a framework for protection
These days, there are policies and procedures for practically every part of a commercial enterprise.
You should document the steps and procedures that you apply and enforce them where necessary (and hopefully audit for effectiveness).
With the GDPR and equivalent on the cards to apply post-Brexit in the UK, confidentiality should be a part of life for most businesses these days.
That’s the first step. The second is to show that you have a procedure that exists. Then show that it is not documentary lip service.
Notices and Warnings
Primarily though, it is about putting recipients of confidential information on notice that what they are about to receive is confidential. Tell them it’s secret. Not to be disclosed. Not to be used other than for limited purposes.
Saying that the materials are confidential after disclosure to them has been made is too late (unless it can be shown from the circumstances that disclosure took place in secret and was confidential information). Not an ideal situation.
This sort of ambiguity – where one needs to tell the story of the circumstances of the disclosure – is painful, difficult and not the optimal situation.
This is one of the reasons why expert solicitors suggest that non-disclosure agreements are signed by recipients prior to handing over anything that might be considered confidential. The writing – ie the contract – makes it clear what may be done with the information received. The permissions should be as limited as possible. No more than what is needed.
- Email: Using email footers stating that the contents of the communication may contain confidential information, such as:
“This email and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and do not disclose, use, store or copy the information contained in this email.”
- Letters: Heading up letters with the words “Confidential Information”
- Meetings: Start meetings and give advance notice that the meeting will be conducted in private and information exchanged will be confidential
- Encrypt – with password protection - confidential information at rest and in motion, over the internet and elsewhere such as on storage media
- Notices in procedures for induction of new employees and consultants
- Provisions in employment contracts and freelancer agreements
- Provisions in employee handbooks, and perhaps a confidentiality policy
In Business Contracts
- There are confidentiality agreements, and then there are confidentiality agreements. Not all are equal. I’m sad to say that we have advised on our fair share which look like confidentiality agreements, but they’re not. Many contain wording that mean that the recipient can disclose what they are told, despite all the wording that impresses upon the reader that secrecy is sacrosanct between the parties to the contract
Regulate authority to distribute
- Maintain lists of known persons (by job role, perhaps rather than by name) authorised to release confidential information of different gradings
- Physical procedures, such as locked rooms, safes, and password protected computers and servers
Misuse or Threatened Misuse
- If there is a serious risk of release or misuse of the information, you need to take action. Quickly. Otherwise you lose the ability to obtain urgent injunctive relief to prevent the situation worsening
Non-confidential and Confidential
- Keep non-confidential information separate from information which you say is not confidential where possible. Mixing the two together may be fatal to protecting the secret parts
We're expert intellectual property solicitors.
Confidential information often overlaps with other intellectual property rights to protect information owned by third parties and knowledge-based assets.
We've represented business to recover from breaches of confidence by:
- senior and junior employees taking customer lists and computer source code to set up new businesses
- recovering from innocent and mistaken disclosure of information to third parties
- appearing for clients in courts to arising from wrongful use and disclosure of confidential information to third parties
We advised leaders in markets on developing intellectual property and maximising protections available in negotiations and preserving confidentiality after sale into the public domain, and guarding against reverse engineering of confidential information.
For legal help involving breaches of confidentiality and disclosures of confidential information to those who should not receive it, call us on +44 20 7036 9282 or email us on email@example.com.